Use of public switched telephone network for authentication and authorization in on-line transactions

ABSTRACT

A system for authentication and/or authorization which incorporates two communication channels, and at least one of third-party data sources, geographic correlation algorithms, speech recognition algorithms, voice biometric comparison algorithms, and mechanisms to convert textual data into speech. A site visitor&#39;s identity can be verified using one or all of such features in combination with a visitors address on one of the channels.

FIELD OF THE INVENTION

[0001] The invention pertains to automated on-line authentication andauthorization systems. More particularly, the invention pertains to suchsystems, which incorporate speech processing.

BACKGROUND OF THE INVENTION

[0002] The Internet offers the prospect of expanded, world-widecommerce, e-commerce, with potentially lower cost to purchasers thanheretofore possible. However, the lack of direct person-to-personcontact has created its own set of problems. Identity theft is a problemthreatening the growth of e-commerce.

[0003] E-commerce growth will only occur if there is a trusted andreliable security infrastructure in place. It is imperative that theidentity of site visitors be verified before granting them access to anyonline application that requires trust and security. According to theNational Fraud Center, its study of identity theft “led it to theinescapable conclusion that the only realistic broad-based solution toidentity theft is through authentication.” Identity Theft:Authentication As A Solution, page 10, nationalfraud.com.

[0004] In order to “authenticate” an entity, one must:

[0005] 1. identify the entity as a “known” entity;

[0006] 2. verify that the identity being asserted by the entity is itstrue identity; and,

[0007] 3. provide an audit trail, which memorializes the reasons fortrusting the identity of the entity.

[0008] In the physical world, much of the perceived security of systemsrelies on physical presence. Traditionally, in order to open a bankaccount, an applicant must physically appear at a bank branch, assert anidentity, fill out forms, provide signatures on signature cards, etc. Itis customary for the bank to request of the applicant that they provideone or more forms of identification. This is the bank's way of verifyingthe applicant's asserted identity. If the bank accepts, for instance, adriver's license in accepting as a form of identification, then the bankis actually relying on the processing integrity of the systems of thestate agency that issued the driver's license that the applicant is whohe/she has asserted themselves to be.

[0009] The audit trail that the bank maintains includes all of the formsthat may have been filled out (including signature cards), copies ofimportant documents (such as the driver's license), and perhaps a phototaken for identification purposes. This process highlights the reliancethat a trusted identification and authentication process has on physicalpresence.

[0010] In the electronic world, the scenario would be much different. Anapplicant would appear at the registration web site for the bank, enterinformation asserting an identity and click a button to continue theprocess. With this type of registration, the only audit trail the bankwould have is that an entity from a certain IP address appeared at theweb site and entered certain information. The entity may actually havebeen an automated device. The IP address that initiated the transactionis most likely a dynamically-assigned address that was issued from apool of available addresses. In short, the bank really has no assuranceof the true identity of the entity that registered for the account.

[0011] To resolve this issue, many providers of electronic commercesites have begun to rely on mechanisms that do not happen as part of theactual electronic transaction to help provide assurance that thetransaction is authentic. These mechanisms are generally referred to as“out-of-band” mechanisms. The most frequently used out-of-bandauthentication mechanism is sending the end user a piece of mail via theUnited States Postal Service or other similar delivery services. Thepiece of mail sent to the end user will contain some piece ofinformation that the site requires the end user to possess beforeproceeding with the registration.

[0012] By sending something (e.g., a PIN number) through the mail, andthen requiring the end user to utilize that piece of information to“continue” on the web site, the provider of the site is relying on thedeterrent effects of being forced to receive a piece of mail at alocation, including but not limited to, the federal laws that areintended to prevent mail fraud. The primary drawback of using the mailis that it is slow. In addition, there is no audit trail. In this dayand age of the Internet, waiting “7-10 days” for a mail package toarrive is not ideal for the consumer or the e-commerce site.

[0013] An authentication factor is anything that can be used to verifythat someone is who he or she purports to be. Authentication factors aregenerally grouped into three general categories: something you know,something you have, and something you are.

[0014] A “something you know” is a piece of information which alone, ortaken in combination with other pieces of information, should be knownonly by the entity in question or those whom the entity in questionshould trust. Examples are a password, mother's maiden name, accountnumber, PIN, etc. This type of authentication factor is also referred toas a “shared secret”.

[0015] A shared secret is only effective if it is maintained in aconfidential fashion. Unfortunately, shared secrets are often too easyto determine. First, the shared secret is too often derived frominformation that is relatively broadly available (Social SecurityNumber, account number). Second, it is difficult for a human being tomaintain a secret that someone else really wants. If someone reallywants information from you, they may go to great lengths to get it,either by asking you or those around you, directly or indirectly, or bydetermining the information from others that may know it.

[0016] A “something you have” is any physical token which supports thepremise of an entity's identity. Examples are keys, swipe cards, andsmart cards. Physical tokens generally require some out-of-bandmechanism to actually deliver the token. Usually, some type of physicalpresence is necessary (e.g., an employee appearing in the humanresources office to pick up and sign for keys to the building.)

[0017] Physical tokens provide the added benefit of not being “sociallyengineer-able”, meaning that without the physical token, any amount ofinformation known to a disreputable party is of no use without thetoken. A trusted party must issue the token in a trusted manner.

[0018] A “something you are” is some feature of a person that can bemeasured and used to uniquely identify an individual within apopulation. Examples are fingerprints, retina patterns, and voiceprints.Biometric capabilities offer the greatest form of identityauthentication available. They require some type of physical presenceand they are able to depict unique characteristics of a person that areexceedingly difficult to spoof.

[0019] Unfortunately, capturing a biometric requires specific hardwareat the users location, and some of the hardware to support biometrics isexpensive and not yet broadly deployed. Some biometric technology in usetoday also relies on an electronic “image” of the biometric to compareagainst. If this electronic image is ever compromised, then the use ofthat biometric as identity becomes compromised. This becomes a seriousproblem based on the limited number of biometrics available today. Moreimportantly, biometrics cannot be utilized to determine an individual'sidentity in the first instance.

[0020] A security infrastructure is only as strong as its underlyingtrust model. For example, a security infrastructure premised uponsecurity credentials can only address the problems of fraud and identitytheft if the security credentials are initially distributed to thecorrect persons.

[0021] First-time registration and the initial issuance of securitycredentials, therefore, are the crux of any security infrastructure;without a trusted tool for initially verifying identity, a securityinfrastructure completely fails. The National Fraud Center explicitlynoted this problem at page 9 of its report:

[0022] “There are various levels of security used to protect theidentities of the [security credential] owners. However, the knownsecurity limitation is the process utilized to determine that the personobtaining the [security credential] is truly that person. The only knownmeans of making this determination is through the process ofauthentication.”

[0023] In any security model, the distribution of security credentialsfaces the same problem: how to verify a person's identity over theanonymous Internet. There are three known methods for attempting toverify a site visitor's identity. The three current methods aresummarized below:

[0024] Solution A: An organization requires the physical presence of auser for authentication. While the user is present, a physical biometriccould be collected for later use (fingerprint, voice sample, etc.). Theproblem with the physical presence model is that it is extremelydifficult and costly for a company to require that all of its employees,partners, and customers present themselves physically in order toreceive an electronic security credential. This model gets moredifficult and more expensive as it scales to a large number of users.

[0025] Solution B: A company identifies and authenticates an individualbased on a shared secret that the two parties have previously agreedupon. The problem with the shared secret model is that it in itselfcreates a serious security problem: shared secrets can easily becompromised. Since the shared secret is relatively easy to obtain, thissecurity model suffers from serious fraud rates. Use of an electroniccopy of a specific biometric like a thumbprint could be used as a sharedsecret. But once it is compromised, one cannot reissue a new thumbprintand there is a limited set of others to choose from.

[0026] Solution C: A company relies on communication of a shared secretthrough the postal service. This process begins when the user registersat a web site and enters uniquely identifying information. A personalidentification number (PIN) is then sent to the user at a postal mailingaddress (assuming the identifying information is correct). The user mustreceive the PIN in the mail, return to the web site and re-register toenter the PIN. The postal service is used because it is a trustednetwork; there is some assurance of delivery to the expected party andthere are legal implications for breach of the network. A large flawwith this method is the built-in delay of days, even weeks, before theuser receives the PIN. This mode of authentication is too slow bytoday's business standards; the potential of the Internet to transformthe structure of commerce rests firmly on the ability to processtransactions rapidly. Too many people simply never finish the process.Moreover, there is a limited audit trail to refer to in the event of adispute regarding the use of the security credential. A signature(another type of biometric) could be required, but that triples thedelay until the PIN is returned. Organizations are seeing large numberof potential customers not returning to close a transaction after thesedelays.

[0027] Table I summarizes characteristics of the known authenticationprocesses. TABLE I Authentication Processes Physical SharedCharacteristics Presence Mail Secrets Automated ✓ Easily Scalable ✓ ✓Auditable ✓ ✓ Can use biometrics ✓ Has legal protections ✓ ✓ Occurs inreal time, ✓ therefore tends to retain customers Deters fraud ✓ ✓Protects private data ✓

[0028] Known solutions do not enable organizations to distributeefficiently and securely electronic security credentials. Therecontinues to be a need for improved authentication or authorizingmethods. Preferably such improvements could be realized without creatingsubstantial additional complexity for a visitor to a site. It would alsobe preferable if such methods did not slow down the pace of theinteraction or transaction. One known system has been disclosed in U.S.application No. 2002/0004831A1 published Jan. 10, 2002 and entitledSystem and Method of Using The Public Switched Telephone Network InProviding Authentication or Authorization For Online Transactions,assigned to the assignee hereof and incorporated herein by reference.

BRIEF DESCRIPTION OF THE DRAWINGS

[0029]FIG. 1 is a block diagram of a system in accordance with thepresent invention;

[0030]FIG. 2A illustrates a flow of interactions between components of a“redirect model” system and method in accordance with the invention;

[0031]FIG. 2B illustrates a flow of interactions between components of a“server to server model” system and method in accordance with theinvention; and

[0032]FIG. 3 illustrates a particular application of the“server-to-server model” system and method in accordance with theinvention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

[0033] While this invention is susceptible of embodiment in manydifferent forms, there are shown in the drawing and will be describedherein in detail specific embodiments thereof with the understandingthat the present disclosure is to be considered as an exemplification ofthe principles of the invention and is not intended to limit theinvention to the specific embodiments illustrated.

[0034] Embodiments of the present system and method exhibitcharacteristics which include:

[0035] 1. Use of two communications channels, different at least inpart. The process is facilitated where the user has access to atelephone (for example, a device identified on one of the channels, suchas a voice channel).This can provide a basic form of identityverification;

[0036] 2. Ability to input to the system over one of the channels arandom, real-time generated confirmation number delivered over the otherchannel is used as a verification of the individual's access to bothchannels. Speech recognition software can be used if the number is inputvia the voice channel;

[0037] 3. Data collected about the person, the communication channelsand their identifiers is compared to stored or third-party data aboutthe person or the communication channels. Similarities in this data canbe used as another form of verification;

[0038] 4. The ability of the person to recite or somehow enter into oneor both of the communication channels a shared secret that should onlybe known by the identity being verified is another form of identityverification. Speech recognition software can be used if the sharedsecret is input via the voice channel;

[0039] 5. Speech recognition software can be used to ensure that a voicerecording taken during the session is of known content (e.g. theconfirmation number) and of good quality. This voice recording can beused as part of the audit trail and for voice biometric comparison (see#6 below); and

[0040] 6. A voice print can be collected for this individual, during aregistration session using the above authentication techniques, or viasome other means. This previously stored voice print can be usedsubsequently as another form of identity verification by using voicebiometric software to compare the voice print to the voice recordingmentioned above in #5.

[0041]FIG. 1 illustrates a system 10 for carrying out an interactive,authentication/ authorization process. In one aspect, system 10 asdiscussed below can be implemented using multiple communication lines,one for voice and one for data. Alternately, a single line (thetelephone line) can be shared between voice communication use and datacommunication use.

[0042] The system 10 includes a site visitor's display 12 and associatedlocal computer 14.The site visitor V, via a bi-directional communicationlink 16 can access, forward requests to and receive services from anInternet service provider 20. Alternatively, if a separate communicationline 16 is not available, the telephone line 17 can be shared betweenvoice communication using the telephone 46 and data communication usingmodems. The Internet service provider 20 which would be coupled viabi-directional communication links 22 communicates via an electronicnetwork 26, which could be the publicly available Internet or a privateIntranet, with a target site 30 via a bi-directional communication link32.

[0043] In a typical transaction, the visitor V logs onto target site 30and requests, authorization, authentication or other services alone orin combination from the site 30. In response to one or more requestsfrom the visitor V, the site 30, via a bi-directional communication link34 and the network 26 communicates via another link 36 with anauthentication/authorization server 38.

[0044] Server 38 includes authorization/authentication software in theform of prestored executable instructions P. It also includes databasesD wherein information is stored in connection with prior transactions,or previously supplied information provided by target site 30.

[0045] The authentication/authorization server 38 makes it possible toauthenticate or authorize the site visitor V in accordance with thepresent invention. The server 38 receives either from target site 30 ordirectly from visitor V a telephone number where the visitor V can becalled or reached essentially immediately via an automated call fromserver 38.

[0046] To strengthen the trust in the telephone number being used forthe automated phone call, executable instructions P-1 search for thephone number within third-party databases in real-time. These databasescan be local to site 38, or can be remote and accessed via network 26.Information associated with the subject phone number can be returned tosite 38 for analysis. That data may also be returned to the requestingsite 30 for further verification that this phone number belongs to (andis therefore being answered by) the person whose identity is beingverified, the Site visitor V. The data can be processed in various ways:

[0047] i. Returned to the Target Site

[0048] Any data found associated with the phone number can be returnedto the site 30 within the transaction.

[0049] ii. Name and Address Validation

[0050] The site 30 can provide name and address data, collected fromvisitor V or from the site's existing database of information, to server38. This information will be compared to name and address informationserver 38 finds associated with the phone number. The comparison (matchor no match) can be returned to site 30 for each field of the dataprovided. Since the application can be customized to the Target Site'srequirements, any comparison algorithm can be applied. Some examplesare:

[0051] Exact character for character match

[0052] First letter match (for initial)

[0053] Nick name match (e.g. Bob matches Robert)

[0054] Partial match (e.g. Mary-Anne partially matches Mary)

[0055] iii. Geographic Correlation

[0056] A postal code provided by the site 30 can be compared to thetelephone number. This can be done, for example, by calculating thedistance from the geographic location of the centroid of the twodimensional area represented by the zip code, to the geographic locationof the central office (PSTN switching station) serving as the lastswitching point for a call placed to the telephone number. Using thisdistance, the site 30 can make policy decisions based on how close thephone number must be to the address known for the visitor V. Forexample, the visitor V could be using a home phone for a businesstransaction late at night. The site 30 could have a policy to mark thetransaction suspect if the distance is more than what the site 30 deemsreasonable for the maximum commute from a person's home to work.

[0057] In addition to accepting data input from the visitor V via thetelephone keypad, system 10 can also accept spoken input usingcommercially available speech recognition software P-2.From a securityprospective, software P-2 strengthens the use of voice recordings forthe audit trail.

[0058] With speech recognition, the system 10 can ensure that the voicerecordings are clear and recognizable. For example, site 38 couldrequire the visitor V to recite the phone number dialed, one digit at atime. Since the site 30 knows the phone number, using speech recognitionduring the recording enables it to verify that the visitor V has clearlyand correctly spoken the number, ensuring a high quality voicerecording. Therefore these recordings can be more highly trusted forsubsequent human review or automated voice biometric comparisons.

[0059] System 10 can incorporate commercially available software P-3 toconvert text data to speech at the time of the transaction. This enablesthe system, via site 38, to deliver electronic security credentialsaudibly via the telephone in addition to, or instead of visually via theweb pages. This could be useful for applications that are required todeliver security information (like a randomly generated temporary accesspassword) via an out-of-band network other than the Internet. This isalso useful when the audible instructions for the site visitor V cannotbe determined before the phone call is made. For example, the system 10could cause random verification data to be spoken via annunciationsoftware P-3 to practically eliminate the ability for a person toattempt to pre-record answers using someone else's voice.

[0060] The voice recordings taken during the registration process can beused to determine the voice biometrics of the visitor V (at the time ofacquisition or at a later date). The system 10 includes commerciallyavailable voice biometric software P-4 to analyze a good quality voicerecording and create a “voice print” (or voice biometric), similar to afingerprint or a written signature. It is a digital representation ofthe unique characteristics of the users voice and vocal tract. Usingthis voice biometric, the system 10 can use commercially availablesoftware to compare one voice with another. This allows the system todetermine (within the accuracy of the voice biometric tools) if thevoice of the visitor V is the same as that of the person who hadpreviously used the system.

[0061] The first time the visitor V uses the system 10, two factors ofauthentication are used:

[0062] 1. the ability of that person to answer a phone call at their ownphone number (“something you have”)

[0063] 2. and knowledge of a shared secret (“something you know”). Oncethe voice biometric has been captured, in each subsequent use of thesystem a third factor of biometric authentication (“something you are”)can be added to the previously described two factors. This significantlyincreases the strength of the authentication or authorization decisionmade based on this information.

[0064] The system employs two different (at least in part) communicationlinks to reach the site visitor. The embodiments described herein usethe Internet as the data communication link and the PSTN as the voicecommunication link. Each of the communication links has their own methodof identifying the specific device being used by the site visitor. Theembodiments described herein use IP address as the addressing method forthe data communication device (e.g. the site visitor's computer), anduse the public telephone number as the addressing method for the voicecommunication device (e.g. the site visitor's telephone).

[0065] Preferably, in a system implemented in accordance herewith (i)the communication links have a separate, independently verifiableaddressing method, (ii) at least one of the communication links supportsvoice communication between the site visitor and theauthentication/authorization site, and (iii) the security of both linksis trusted by both the target and authentication/authorization sites.The links may even share some portion of a physical connections betweendevices (as discussed with regard to single versus multiplecommunication lines located at the site visitor's location).

[0066] Various voting-type products can be created based on the abovedescribed system and functionality.

[0067] A typical on-line voting application today is exercisingshareholder proxy voting rights. These voting applications typicallyrequire the use of a Personal Identification Number (PIN) that is sentvia the postal mail to the street address on record for thestockholder(s). After receiving the PIN, any one of the members of thathousehold can go to a website, where the PIN is used as the soleidentification of the stock rights being voted.

[0068] System 10 could be used to deliver the PIN verbally via a phonecall, instead of using the postal mail. Instead of mailing a printedletter, system 10 could call the stockholder(s) at a known telephonenumber(s) and deliver the PIN via text-to-speech. This increases thesecurity by providing an audit trail as to whom the PIN was actuallydelivered (the phone number used and the voice recording of the personwho accepted the delivery), as well as being less costly than the moremanual process of mailing printed materials. The PIN can then be used ina known fashion to carry out the voting process.

[0069] However, voting in a Federal or State election requires much moresecurity than simply mailing a PIN to a postal address. The typicalmanual systems in use today use a two-step process. First, a person mustregister to vote. This is usually done by requiring a person's physicalpresence at a State or Federal agency so that agency personnel may checkrecords to verify that the individual is a resident, not previouslyregistered, not listed as deceased, and other similar checks. At thetime of registration, the authority captures the person's signature. Thesecond stage takes place at the polls.

[0070] Each time a person exercises a right to vote, poll officialsauthenticate prospective voters by manual comparison of the signature onrecord with a signature executed before them. They may also require theperson to possess a voter registration card or some other type oftrusted credential (e.g. a drivers license).

[0071] System 10 could be used to fully automate the process. Theprocess would require the capture of a voice biometric during voterregistration (instead of a signature). This registration could stillrequire physical presence, or could be done remotely using system 10.The requirement would be that at least two forms of authentication takeplace (e.g. shared secret and access to your home phone), and a goodquality voice recording be captured. That trusted voice recording wouldthen be used to create a voice biometric specific for that voter(similar to their written signature).

[0072] Once a person has registered to vote, he or she would simply goto a web site to place their vote. At that web site, they would be askedfor a phone number where they can be reached at that moment (or thesystem could require them to be at a known, trusted phone number that ison record for that voter).

[0073] The system 10 would use previously discussed software P-1 fortelephone data lookup to obtain information about the owner of thatphone and it's approximate location. At the same time, a phone callwould be placed to that number. When the voter answered the phone, he orshe would be requested to speak a shared secret (for example somethingsimilar to the manual check of a voter ID number, or a driver's licensenumber). While the voter is speaking the shared secret, the system willbe comparing the voice with the previously created voice biometric data.Now the system has:

[0074] The phone number called

[0075] The phone number's owner and location information

[0076] The spoken shared secret

[0077] Voice recording(s) of the voter

[0078] And a biometric comparison against the voice used duringregistration

[0079] Using all this data, the system 10 can apply whatever rules thevote conducting authority wishes to enforce relative to authenticationof the voter. This process can be even more secure than the manualprocess, because:

[0080] The system is fully automated so there is no chance of collusion

[0081] The audit trail can be re-verified later if there is a dispute

[0082] It is also more effective than the manual process since it doesnot require the physical presence of the voter to cast his or her vote.This system can thus be used in absentee ballot situations.

[0083] The Table II-A and the FIG. 2A illustrate the use of the System10 in a way that has the service site 38 directly interact with thevisitor V. The visitor V is redirected from interacting directly withthe target site 30, to interacting directly with the authentication &authorization service site 38 prior to placing the phone call. When thephone call is complete the visitor is redirected back to the targetsite. This model is called the “redirect model”. The redirect model istypically used when the target site wishes to off-load as muchprocessing as possible.

[0084] The Table II-B and the FIG. 2B illustrate the use of the System10 in a way that has the service site 38 interact only with the targetsite 30. The visitor V only interacts directly with the target site 30.The target site uses the authentication & authorization service site 38as a service provider. This model is called the “server-to-servermodel”. The server-to-server model has no requirements of the type ormethod of interaction with the site visitor. The visitor could beinteracting with the target site using the Internet, or the visitorcould be interacting with the target site indirectly, such asinteracting with a clerk at a store, who is using a point of saleterminal, which in turn is communicating with the target site. TABLEII-A FIG. Responsible 2A Interaction site A Site visitor initiatesactivity Target site that requires authentication or (30) authorizationA Determine phone number to Target site use (30) A Gather any additionaldata Target site from site visitor (30) B Redirect site visitor to theTarget site Service site with data (30) C Determine if site visitor hasService site single or multiple (38) communication lines T Place phonecall to site visitor Service site (38) C Prompt user with random Servicesite number to be entered via (38) telephone C Possible phone callprogress Service site (busy, etc.) (38) D Redirect site visitor back toService site Target site with session (38) completion status and data AConclusion: Target site Successful = deliver credential (30) Failure =error messages

[0085] TABLE II-B FIG. Responsible 2B Interaction site A Site visitorinitiates activity Target site that requires authentication or (30)authorization A Determine phone number to Target site use (30) A Gatherany additional data Target site from site visitor (30) A Determine ifsite visitor has Target site single or multiple (30) communication linesE Send request directly to Target site Service site with data (30) APrompt user with random Target site number to be entered via (30)telephone T Place phone call to site visitor Service site (38) E QueryService site for possible Target site phone call progress (busy, etc.)(30) and display to site visitor E Send Target site session Service sitecompletion status with data (38) A Conclusion: Target site Successful =deliver credential (30) Failure = error messages

[0086]FIG. 3 illustrates an application of the “server-to-server model”system and method in accordance with the invention. A point of salesystem 11 uses the authentication/authorization service 38 to authorizethe use by a purchaser O of a credit card for a high value transactionwith a salesperson S.

[0087] The salesperson enters the purchase request and the credit cardnumber into the point of sale terminal 13, which communicates therequest to the selling company's computer 14′. The computer 14′ requestsapproval for the use of the credit card from the credit card issuingcompany's computer 39 over data communications links 18 and 32 via anelectronic network 26.

[0088] The credit card company determines from its records R that theowner of the card wishes to be contacted for authorization of anypurchase over a certain value. Since this is a high value transaction,this triggers a server-to-server request to theauthentication/authorization service site 38 over data communicationlinks 34 and 36 via an electronic network 26. The request to servicesite 38 contains at least a phone number for the credit card owner (fromrecords R), and the value of the transaction.

[0089] Upon receiving the request, the service site 38 executes specificprestored instructions P to place a phone call to the phone numberprovided (in this case the card owner's mobile phone) via the telephonenetwork 44 and voice communication link 17. Several phone numbers couldbe provided and the system could attempt to contact the owner using eachone sequentially.

[0090] When the card owner O answers the mobile phone, the service siteinforms the owner “You have requested a telephone call to approve anyhigh value transaction using your credit card. Please press # to acceptthis call”. The owner presses # on the mobile phone to accept the calland the service site responds by dynamically generating a voice requestusing annunciation software P-3 to inform the owner of the specificvalue of the transaction. The speech requests the owner to say, “Iapprove the two thousand dollar purchase” to approve the purchase. Theowner speaks the words and the speech recognition software P-2 validatesthat the owner has approved the transaction.

[0091] After giving voice feedback of the recognition to the owner, thephone call is terminated by the service site. The service site saves thevoice recording and all other information regarding the authorizationwithin transaction records D for future auditing purposes.

[0092] The authorization results are communicated back to the creditcard company's computer 39, which communicates the purchase approvalback to the selling company's computer 14, and the salesperson 13.

[0093] If required by the credit card company, voice biometricverification software P-4 could be used to compare the voice of theowner speaking the approval with the voice print of the owner within thecredit card company's records R. This would require the authorizationrequest sent to the service site 38 to include either the voice printitself, or a voice print identifier, which would be used to locate theactual voice print within data records D.

[0094] In summary, this authentication and/or authorization system, usesa site visitor's ability to have physical access to answer a specifictelephone number as one factor of authentication of that site visitor (a“something you have”). In addition, it incorporates one or more of:

[0095] A. Provides random data via one of the communication links to thesite visitor, which must be immediately (when using multiplecommunication lines), or within a very limited amount of time (whenusing only one communication line) be input into the other communicationline by the site visitor and validated by the system to ensure the sameperson is using both devices at that time.

[0096] B. Uses third-party data to validate location and/or ownership ofthe device represented by the identifier used to access said device(e.g. the billing address of a telephone number or the person or companythat registered for a specific IP address).

[0097] C. Looks for correlations between the data related to each of thetwo communication links.

[0098] D. Records details about both communication sessions (e.g. timeand date, device identifier (telephone number, IP address of sitevisitor's computer), recordings of the site visitor's voice, etc.) andrelated third-party data associated with the device identifiers (as in B& C above) for subsequent audit purposes.

[0099] E. Verifies the site visitor's knowledge of a secret piece ofdata shared between the target site and the site visitor, and uses thisverification as a second factor of authentication of the site visitor (a“something you know”).

[0100] F. Verifies the voice of the site visitor using commerciallyavailable voice biometric comparison algorithms, and uses thisverification as a third factor of authentication of the site visitor (a“something you are”).

[0101] G. Delivers data to the site visitor via either one or both ofthe communication links (e.g. displays a partial password on thecomputer screen and/or speaks a partial password over the telephone).

[0102] From the foregoing, it will be observed that numerous variationsand modifications may be effected without departing from the spirit andscope of the invention. It is to be understood that no limitation withrespect to the specific apparatus illustrated herein is intended orshould be inferred. It is, of course, intended to cover by the appendedclaims all such modifications as fall within the scope of the claims.

What is claimed:
 1. A security enhancing system comprising: a switchedtelephone network-type communication system and a second systemdifferent from the first system at least in part. executableinstructions for communicating with a party via the second system;executable instructions for requesting a telephone number from theparty, usable to initiate communications via the telephone system,executable instructions for interrogating at least one database toverify that any provided telephone number is associated with the party.2. A system as in claim 1 wherein the interrogating instructions includeinstructions for providing name and address information from at leastone of the databases associated with the telephone number.
 3. A systemas in claim 1 wherein the interrogating instructions includeinstructions for carrying out a geographic correlation between aprovided telephone number and a geographical identifier associated withthe party.
 4. A system as in claim 3 wherein the geographical identifiercomprises a postal zone code associated with the party.
 5. A system asin claim 4 which includes executable instructions for correlating thepostal zone code with a switching location, associated with thetelephone number, which is part of the telephone system.
 6. A system asin claim 1 which includes: executable instructions for placing a call,via the telephone network, to the provided telephone number of theparty; and additional executable instructions to determine that the callhas been answered and another communication link has been opened.
 7. Asystem as in claim 6 which includes executable instructions forforwarding to the party, via the second system, identity confirmatoryinformation.
 8. A system as in claim 7 which includes executableinstructions for requesting that the party feedback the identifyconfirmatory information via the telephone system.
 9. A system as inclaim 8 which includes executable instructions for evaluating thefeedback identity confirmatory information.
 10. A system as in claim 9which includes executable instructions for evaluating the feedbackidentity confirmatory information by comparing it to the informationforwarded to the party.
 11. A system as in claim 8 wherein theinstructions request a verbal recitation of the forwarded identityconfirmatory information.
 12. A system as in claim 11 wherein thereceived verbal recitations are analyzed by speech recognitioninstructions.
 13. A system as in claim 12 which includes instructionsfor comparing recognized speech, the verbally recited identityconfirmation, to the information forwarded to the party.
 14. A system asin claim 1 wherein the interrogating instructions comprise instructionsto access at least one third-party telephone database.
 15. A system asin claim 14 wherein the interrogating instructions include additionalinstructions for carrying out a geographical correlation between aprovided telephone number and a geographic identifier associated withthe party.
 16. A system as in claim 1 which includes executableinstructions for audibly forwarding to the party, via the telephonesystem, a selected security credential.
 17. A system as in claim 8 whichincludes executable instructions for audibly forwarding to the party,via the telephone system, a selected security credential.
 18. A systemas in claim 12 which includes executable instructions for audiblyforwarding to the party, via the telephone system, a selected securitycredential.
 19. A system as in claim 16 wherein the selected securitycredential comprises a personal identifier enabling the recipient tocarry out a predetermined transaction.
 20. A system as in claim 19wherein the predetermined transaction comprises one of a commercialtransaction and a civic transaction.
 21. A method comprisingestablishing two different electronic communications paths whereby afirst path is established, and, based on information obtained thereby anaddress is established to open the second path; verifying the identityof a party who has established the paths by, at least in part,processing audio responses received by the second path so as torecognize words embedded therein and comparing representations of therecognized words to selected, prestored word sequences , and, inresponse thereto, audibly providing to the party, via the second path, apredetermined credential.
 22. A method as in claim 21 which includesinterrogating at least one third-party database to evaluate thetrustworthiness of the address.
 23. A method as in claim 22 whichincludes evaluating the address with respect to selected mail deliveryinformation associated with the party.
 24. A method as in claim 22 whichincludes carrying out a geographical correlation between the address andother information associated with the party.
 25. A voting systemcomprising: executable instructions enabling a potential voter to logonto a communication system for voter registration; executableinstructions for obtaining selected information from the potential voteralong with an identifier for a second communication system from thepotential voter; executable instructions for evaluating the identifierin the context of the selected information and information fromthird-party sources to ascertain a degree of reliability as to therelationship between the identifier and the potential voter, and,executable instructions, responsive to the degree of reliability, forinitiating communications with the potential voter via the secondsystem, using the identifier, including instructions for audiblycommunicating with the potential voter to obtain and store an audiblybased personal identifier for the potential voter and for identifyingthe potential voter as a registered voter.
 26. A system as in claim 25which includes: executable instructions enabling an individual whichclaims to be a registered voter to initiate communications via onecommunications link to identify himself-herself for voting; instructionsto authenticate the voter as someone entitled to cast a vote and forproviding an indicium as to the authenticity of the individual as theregistered voter.
 27. A system as in claim 26 wherein the instructionsto authenticate the voter include creating a current audibly basedpersonal identifier and comparing the current form of the identifierwith the stored, audibly based personal identifier.
 28. A system as inclaim 27 wherein the instructions to authenticate the voter includeinstructions to receive information via the one communications link andto receive a verbal form of that information from the individual via adifferent communications link.
 29. A method of carrying out atransaction between a customer and supplier comprising: enteringtransaction information; seeking authorization for the transaction froma selected provider; checking a customer information file and forwardingan authorization request to a service provider; responding, at theservice provider, by opening an audio communications link with thecustomer, using the link and forwarding an authorization inquiry to thecustomer; receiving an audio reply from the customer; storing arepresentation thereof and evaluating the reply; returning informationconcerning the reply to the selected provider; and receiving theinformation and determining if the transaction should be authorized. 30.A method as in claim 29 wherein the entered transaction informationincludes customer identifying information, and, the selected providerprovides credit authorizing services.
 31. A method as in claim 30wherein the credit authorizing provider obtains customer identifyinginformation from a database and forwards same along with theauthorization request to the service provider.
 32. A method as in claim31 which includes using the customer identifying information toestablish an address in a communication system for the customer andusing the address to open the audio communications link.
 33. A method asin claim 32 which includes producing machine generated speech forcommunicating with the customer and forwarding the authorization inquiryvia the link.
 34. A method as in claim 33 wherein the received audioreply is processed at the service provider and evaluated for content.35. A method as in claim 34 wherein the processed audio reply is saved.36. A method as in claim 34 wherein the information returned to theselected provider includes a representation of the content.
 37. A methodas in claim 36 wherein the information returned includes arepresentation of the processed audio.
 38. A method as in claim 34wherein the selected provider, in the determining step authorizes thetransaction, based at least in part, on the processed audio reply.
 39. Amethod as in claim 38 wherein the transaction is authorized by theselected provider responding to a source of the entered transactioninformation.
 40. A method as in claim 30 wherein the selected provider,in the determining step, determines if it will accept a charge by thecustomer to effect the transaction.
 41. A method as in claim 29 whereinafter the entering step, a first communications channel is opened to theselected provider.
 42. A method as in claim 41 wherein the checking stepincludes obtaining a telephone umber for the customer.
 43. A method asin claim 42 wherein the audio communications link is established byplacing a call to the telephone number for the customer.
 44. A method asin claim 43 wherein the forwarding step includes producing syntheticspeech asking the customer to authorize the transaction.
 45. A systemcomprising: two communications channels, different at least in part,wherein one channel is a voice channel and the other is a data channel,wherein each channel has at least one address and wherein at least oneof the addresses is associated with a channel user; executableinstructions for carrying out at least one of an authentication, anauthorization and a registration process, wherein the process includesexecutable instructions for at least one of, using third-party datasources, geographic correlation processing, speech recognitionprocessing to provide clear and recognizable recordings, syntheticspeech to verbally deliver security information, and, creating a voicebiometric.
 46. A system as in claim 45 wherein some of the instructionsare executed at a target site and others at a site for at least one ofauthentication, authorization, registration processing.
 47. A system asin claim 46 wherein some of the target site instructions communicatewith the channel user and others communicate with the other site toimplement the authentication, authorization, registration processing.48. A system as in claim 47 wherein the other site uses the addressassociated with the user to open the voice channel with the user.
 49. Asystem as in claim 48 wherein the other site includes executableinstructions to verbally deliver security information to the user.
 50. Asystem as in claim 49 wherein the other site includes executableinstructions to carry out a geographic correlation of the address andthe other user related information.
 51. A system as in claim 45 whichincludes a granting site and a separate authorizing site wherein thegranting site is couplable at least to the data channel and theauthorizing site is couplable to the voice channel and wherein theexecutable instructions are located, at least in part, at theauthorizing site.
 52. A system as in claim 51 which includes executableinstructions at the granting site for responding to a customer driventransaction inquiry, and for, forwarding transaction information to theauthorization site for communicating with the customer.
 53. A system asin claim 52 which includes executable instructions at the authorizationsite, responsive to the transaction information, for opening the voicechannel to the customer.
 54. A system as in claim 53 wherein theauthorization site includes instructions for interacting with thecustomer by providing verbal authorization information to the customer,and for receiving verbal reply information from the customer.
 55. Asystem as in claim 45 wherein the instructions for creating a voicebiometric include instructions for determining and storing at least onevoice print of the user associated with the voice channel.
 56. A systemas in claim 55 which includes instructions for comparing a previouslystored voice print to a current voice print for the same user.
 57. Asystem as in claim 1 which includes executable instructions for creatinga voice biometric of the party.
 58. A system as in claim 1 whichincludes executable instructions for comparing a newly created voicebiometric to a previously stored biometric for the party.
 59. Executableinstructions in a system having two communications channels, differentin part, wherein one channel is a voice channel, wherein each channelhas a user address, wherein the instructions comprise: executableinstructions to couple a security indicium to a user via one channel;executable instructions enabling the user to return the securityindicium via the voice channel; executable instructions for comparingthe indicium provided to the user to the returned indicium for useridentity verification; executable instructions for comparing currentuser and channel information to pre-stored third party data; executablespeech recognition instructions for processing the returned indicium foran audit trail; and executable instructions for forming a current voicebiometric of the returned indicium.
 60. Instructions as in claim 59which include instructions to compare the current voice biometric with apre-stored biometric for the user.